Mobile device data is often stored securely using encryption keys. In various existing systems, a master encryption key used to secure data on a mobile device may be stored on the device, at a device management server, and/or at another node. Storing the encryption key on the mobile device, server, and/or other node, however, may result in certain vulnerabilities if, for example, the encryption key is accessed by an adversary. In some existing systems, a master encryption key is derived from a mobile device user password. In this case, certain vulnerabilities may arise when a user forgets their passcode. It would be useful to develop a scheme for mobile device key management that provides security of data on a device and allows for secure password recovery.